On Fri, Jul 29, 2016 at 02:16:16PM -0600, Jim Fehlig wrote:
> I've noticed the behavior described by this LSN with libvirt+Xen. Config
> containing <graphics type='vnc' passwd=''/> allows any client to
> connect with no authentication check. I asked about this on the Xen security
> list and was told that "libxl interprets an empty password in the caller's
> configuration to mean that passwordless access should be permitted". The 
> libvirt
> domXML docs are not clear on semantics of empty vnc password, only stating 
> "The
> passwd attribute provides a VNC password in clear text".
> 
> Should the libvirt domXML vnc passwd documentation be amended to define the
> semantics of an empty string in the passwd attribute? Is the behavior
> hypervisor-dependent as the documentation in qemu.conf suggests?

I guess we've never clarified the semantics in any cross-hypervisor
manner. I think the fixed QEMU behaviour is the most sane from a
portability POV - the Xen (and broken QEMU) behaviour was effectively
overloading 2 settings onto one attribute. ie it was (ab)using a zero
length password as a way to change the authentication method. We should
always have distinct XML attributes for distinct settings. IOW, any toggle
betweeen password and no-auth should an explicit setting and a zero length
password should not magically change that.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to